For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/cloud_security_management/triage_and_prioritize.md. A documentation index is available at /llms.txt.

Triage and Prioritize

Cloud Security generates findings across vulnerabilities, misconfigurations, and identity risks. Triage and Prioritize covers two related capabilities: the engine that identifies the findings that expose your business-critical resources, and the scoring framework that translates that judgment into a per-finding severity score you can sort, filter, and route on.

Runtime Prioritization Engine

Join the Preview!

Runtime Prioritization Engine is in Preview for Cloud Security Vulnerabilities. Use this form to request access.

Request Access

The Runtime Prioritization Engine combines runtime observability and security data to identify the ~5% of findings truly exposing your business-critical resources. It evaluates each finding across five dimensions: reachability, exposure, exploitability, business criticality, and actionability.

Severity Scoring

Severity Scoring turns the Runtime Prioritization Engine’s output into a Datadog Severity Score on each finding. For vulnerabilities, it follows the CVSS 4.0 algorithm, enriching the base score with temporal factors (such as active exploits or exploitation probability) and environmental factors (such as runtime context, exposure, or criticality of the affected resource). For misconfigurations and identity risks, it computes severity using a likelihood × impact matrix that weighs how an adversary could abuse the finding against the damage that abuse would cause.

Further reading

Additional helpful documentation, links, and articles:

Runtime Prioritization EngineDOCUMENTATION more more Severity ScoringDOCUMENTATION more more Review prioritized findings in the Security InboxDOCUMENTATION more more